Few applications operate without some form of login and access control. But how to implement this requirement best with Angular? This session gives an answer by showing a lot of patterns and best practices. It shows how to leverage tokens, like JWT, to increase the flexibility as well as how to use standards like OAuth 2 and OpenId Connect for Single Sign on and integrating existing Identity Providers, like Active Directory. We also talk about social login, misunderstandings, and solutions in this area. Furthermore, you will see some security attacks and how to prevent them. Finally, the underrated and security relevant topic single sign out is addressed.